SlideShare a Scribd company logo

BYOD presentation Init 6 + ISSA PR Chapter joint meeting

Download as PPTX, PDF
Jose L. Quiñones-Borrero
Jose L. Quiñones-Borrero

A technical overview of the dangers of BYOD in an enterprise

Technology
1 of 20
Obsidis Consortia, Inc. BYOD:Bring Your Own Darkside José L. Quiñones-Borrero, BS MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA
What is OC, Inc? • Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes security awareness in the community and supports professional development of security professionals, students and enthusiasts in Puerto Rico. • OC, Inc. has develop and is supporting initiatives like the Init6 Security User Group, Professional Training & Workshops, Network and Security Systems Simulation Scenarios (Capture the Flag), Security BSides Puerto Rico Conference and a Community Outreach Program.
Why BYOD? • What's Mine Is Mine, What's Yours Is Mine, Too • Employees Happier, More Productive? • Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes
Why NOT? • Little or no control over devices • Privacy issues about device’s content • No jurisdiction over devices
What are these devices?
Laptops • Live CD/USB – Live USB Creator – Unetbootin • Virtual Machines – VMware Player – VirtualBox • Full OS on Hardware – Kali/Backtrack – Pentoo – BackBox
Smartphones and Tablets • Jailbreak iOS • Rooted Android • Ubuntu Touch (Phone)
Others • Home Routers – Linksys WRT-54G – Alfa Network AP-121U – TP-Link WR703N • Custom Firmware – DD-RWT – OpenWrt w/Jasager – Totmato Router
Let focus on iOS …
Apple iOS AppStore Goodness • iNet • TIOD • IPScanner • zScan Pro • Whois • TCPinger • Net Utility • VNC viewer • RDP client • aSubnet • Python 2.7
Cydia
Jailbroken iOS • Tools – nmap, tcpdump, ettercap, aircrack- ng*, dns2tcp, netcat • Development – Python, Ruby, Perl, SQLite • OS – wget, curl, grep, sed, awk, inetutils, whois, locate • Deamons – dns, http, dhcp, ftp, vnc
Installing Metasploit on iOS 1. Jailbrake your iOS devices 2. Install BigBoss Recomended Tools 3. ruby_1.9.2-p180-1-1_iphoneos-arm.deb 4. iconv_1.14-1_iphoneos-arm.deb 5. zlib_1.2.3-1_iphoneos-arm.deb 6. metasploitframework4.5.tgz
What about Android?
PwnPad ($895.00) •Wireless ToolsAircrack-ng •Kismet •Wifite •Reaver •MDK3 •EAPeak •Asleap •FreeRADIUS-WPE •Hostapd Bluetooth Tools: •bluez-utils •btscanner •bluelog •Ubertooth tools •Web ToolsNikto •Wa3f •Network ToolsNET-SNMP •Nmap •Netcat •Hping3 •Macchanger •Tcpdump •Tshark •Ngrep •Dsniff •Ettercap-ng •SSLstrip •Hamster & Ferret •Metasploit 4 •SET •Easy-Creds •John (JTR) •Hydra •Pyrit •Scapy
Can we be more creative?
Red Teaming BYOD • Raspberry Pi ($35) – 700 Mhz A7, 512MB, HD, 2 USB 2.0, Ethernet – Huge development community – Debian and Red Hat based distros • CubieBoard ($80) – 1 Ghz A10, 1 GB, HD, 2 USB 2.0, Ethernet – Some community support – Ubuntu and Android • Odroid ($90) – 1.7 Quad A9, 2GB, HD, 2USB 2.0, Ethernet – No community yet(new platform) – Ubuntu and Android
Demo
Open Discussion … Q & A
Please visit us to keep in touch … www.ObsidisConsortia.org www.BSidesPR.org https://www.youtube.com/channel/UCtpOw0dKOIVJu7JZqHx4oQg https://plus.google.com/u/0/communities/102771209982001396923 https://facebook.com/obsidisconsortia https://twitter.com/BSidesPR Affiliates: www.TalktoanIT.com www.codefidelio.org www.darkoperator.com

Recommended

Social engineereing
Social engineereingSocial engineereing
Social engineereingSri Manakula Vinayagar Engineering College
 
Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)Marco Dal Pino
 
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...ProductNation/iSPIRT
 
Web application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yoursWeb application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yoursDavid Busby, CISSP
 
Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsMichael Scheidell
 
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Michael Scheidell
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile SecurityAVG Technologies AU
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecturePaul Fremantle
 

Recommended

Social engineereing
Social engineereingSocial engineereing
Social engineereingSri Manakula Vinayagar Engineering College
 
Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)Marco Dal Pino
 
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...ProductNation/iSPIRT
 
Web application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yoursWeb application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yoursDavid Busby, CISSP
 
Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsMichael Scheidell
 
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Michael Scheidell
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile SecurityAVG Technologies AU
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecturePaul Fremantle
 
Protecting your home and office in the era of IoT
Protecting your home and office in the era of IoTProtecting your home and office in the era of IoT
Protecting your home and office in the era of IoTMarian Marinov
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamAmit Rohatgi
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Mohammed Adam
 
Datashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - KingfinDatashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - KingfinKingfin Enterprises Limited
 
IoTSummit: Design and architect always disconnected iot system
IoTSummit: Design and architect always disconnected iot systemIoTSummit: Design and architect always disconnected iot system
IoTSummit: Design and architect always disconnected iot systemMarco Dal Pino
 
Prakash Padariya - IoT Cyber Warfare
Prakash Padariya - IoT Cyber WarfarePrakash Padariya - IoT Cyber Warfare
Prakash Padariya - IoT Cyber WarfarePrakashPadariya1
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...Cisco Canada
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTWSO2
 
Internet of things
Internet of thingsInternet of things
Internet of thingsSenthilkumar Murugesan
 
Arnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the SkyArnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the SkyAI Frontiers
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2
 
IoT - Rise of New Zombies Army
IoT - Rise of New Zombies ArmyIoT - Rise of New Zombies Army
IoT - Rise of New Zombies ArmyMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsChristopher Frenz
 
Samsung and Android Security brochure
Samsung and Android Security brochureSamsung and Android Security brochure
Samsung and Android Security brochureSherief Razzaque
 
Tech Blogs - Pakistani Prospective
Tech Blogs - Pakistani ProspectiveTech Blogs - Pakistani Prospective
Tech Blogs - Pakistani ProspectiveFarhan Chawla
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
 
2B Kjesbu Cold Technology Warm Hands EHiN 2014
2B Kjesbu Cold Technology Warm Hands EHiN 20142B Kjesbu Cold Technology Warm Hands EHiN 2014
2B Kjesbu Cold Technology Warm Hands EHiN 2014IKT-Norge
 
How Search is Accelerating the Growth of Video in the Enterprise
How Search is Accelerating the Growth of Video in the EnterpriseHow Search is Accelerating the Growth of Video in the Enterprise
How Search is Accelerating the Growth of Video in the Enterprisesatishgannu
 
Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Adrian Sanabria
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldAgile Testing Alliance
 

More Related Content

What's hot

Protecting your home and office in the era of IoT
Protecting your home and office in the era of IoTProtecting your home and office in the era of IoT
Protecting your home and office in the era of IoTMarian Marinov
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamAmit Rohatgi
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Mohammed Adam
 
IoTSummit: Design and architect always disconnected iot system
IoTSummit: Design and architect always disconnected iot systemIoTSummit: Design and architect always disconnected iot system
IoTSummit: Design and architect always disconnected iot systemMarco Dal Pino
 
Prakash Padariya - IoT Cyber Warfare
Prakash Padariya - IoT Cyber WarfarePrakash Padariya - IoT Cyber Warfare
Prakash Padariya - IoT Cyber WarfarePrakashPadariya1
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...Cisco Canada
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTWSO2
 
Arnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the SkyArnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the SkyAI Frontiers
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsChristopher Frenz
 
Samsung and Android Security brochure
Samsung and Android Security brochureSamsung and Android Security brochure
Samsung and Android Security brochureSherief Razzaque
 
Tech Blogs - Pakistani Prospective
Tech Blogs - Pakistani ProspectiveTech Blogs - Pakistani Prospective
Tech Blogs - Pakistani ProspectiveFarhan Chawla
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
 
2B Kjesbu Cold Technology Warm Hands EHiN 2014
2B Kjesbu Cold Technology Warm Hands EHiN 20142B Kjesbu Cold Technology Warm Hands EHiN 2014
2B Kjesbu Cold Technology Warm Hands EHiN 2014IKT-Norge
 
How Search is Accelerating the Growth of Video in the Enterprise
How Search is Accelerating the Growth of Video in the EnterpriseHow Search is Accelerating the Growth of Video in the Enterprise
How Search is Accelerating the Growth of Video in the Enterprisesatishgannu
 

What's hot (20)

Protecting your home and office in the era of IoT
Protecting your home and office in the era of IoTProtecting your home and office in the era of IoT
Protecting your home and office in the era of IoT
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
 
Datashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - KingfinDatashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - Kingfin
 
IoTSummit: Design and architect always disconnected iot system
IoTSummit: Design and architect always disconnected iot systemIoTSummit: Design and architect always disconnected iot system
IoTSummit: Design and architect always disconnected iot system
 
Prakash Padariya - IoT Cyber Warfare
Prakash Padariya - IoT Cyber WarfarePrakash Padariya - IoT Cyber Warfare
Prakash Padariya - IoT Cyber Warfare
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
Arnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the SkyArnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the Sky
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
 
IoT - Rise of New Zombies Army
IoT - Rise of New Zombies ArmyIoT - Rise of New Zombies Army
IoT - Rise of New Zombies Army
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 
Samsung and Android Security brochure
Samsung and Android Security brochureSamsung and Android Security brochure
Samsung and Android Security brochure
 
Tech Blogs - Pakistani Prospective
Tech Blogs - Pakistani ProspectiveTech Blogs - Pakistani Prospective
Tech Blogs - Pakistani Prospective
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
 
2B Kjesbu Cold Technology Warm Hands EHiN 2014
2B Kjesbu Cold Technology Warm Hands EHiN 20142B Kjesbu Cold Technology Warm Hands EHiN 2014
2B Kjesbu Cold Technology Warm Hands EHiN 2014
 
How Search is Accelerating the Growth of Video in the Enterprise
How Search is Accelerating the Growth of Video in the EnterpriseHow Search is Accelerating the Growth of Video in the Enterprise
How Search is Accelerating the Growth of Video in the Enterprise
 

Similar to BYOD presentation Init 6 + ISSA PR Chapter joint meeting

Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Adrian Sanabria
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldAgile Testing Alliance
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfibramax
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...
How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...
How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...Spiceworks
 
Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchYury Chemerkin
 
WSO2Con EU 2015: IoT in Finance
WSO2Con EU 2015: IoT in FinanceWSO2Con EU 2015: IoT in Finance
WSO2Con EU 2015: IoT in FinanceWSO2
 
The Internet of Things and You - A Developers Guide to IoT
The Internet of Things and You - A Developers Guide to IoTThe Internet of Things and You - A Developers Guide to IoT
The Internet of Things and You - A Developers Guide to IoTJim McKeeth
 
Successful Industrial IoT patterns
Successful Industrial IoT patterns Successful Industrial IoT patterns
Successful Industrial IoT patterns John Mathon
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareMyNOG
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud EnvironmentShapeBlue
 
Successful Industrial IoT Patterns
Successful Industrial IoT PatternsSuccessful Industrial IoT Patterns
Successful Industrial IoT PatternsWSO2
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3ShivamSharma909
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...bugcrowd
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...RootedCON
 
Privacy for tech startups
Privacy for tech startups Privacy for tech startups
Privacy for tech startups Marc Gallardo
 
Kinect kunkuk final_
Kinect kunkuk final_Kinect kunkuk final_
Kinect kunkuk final_Yunkyu Choi
 

Similar to BYOD presentation Init 6 + ISSA PR Chapter joint meeting (20)

Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real World
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...
How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...
How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...
 
Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitch
 
WSO2Con EU 2015: IoT in Finance
WSO2Con EU 2015: IoT in FinanceWSO2Con EU 2015: IoT in Finance
WSO2Con EU 2015: IoT in Finance
 
The Internet of Things and You - A Developers Guide to IoT
The Internet of Things and You - A Developers Guide to IoTThe Internet of Things and You - A Developers Guide to IoT
The Internet of Things and You - A Developers Guide to IoT
 
Successful Industrial IoT patterns
Successful Industrial IoT patterns Successful Industrial IoT patterns
Successful Industrial IoT patterns
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT Security
 
Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source Software
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud Environment
 
Successful Industrial IoT Patterns
Successful Industrial IoT PatternsSuccessful Industrial IoT Patterns
Successful Industrial IoT Patterns
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
 
Privacy for tech startups
Privacy for tech startups Privacy for tech startups
Privacy for tech startups
 
Kinect kunkuk final_
Kinect kunkuk final_Kinect kunkuk final_
Kinect kunkuk final_
 

More from Jose L. Quiñones-Borrero

Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?Jose L. Quiñones-Borrero
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresJose L. Quiñones-Borrero
 
Security B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneSecurity B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneJose L. Quiñones-Borrero
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingJose L. Quiñones-Borrero
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterJose L. Quiñones-Borrero
 
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Jose L. Quiñones-Borrero
 
Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013Jose L. Quiñones-Borrero
 
InfoSec professional advice to university students
InfoSec professional advice to university students InfoSec professional advice to university students
InfoSec professional advice to university students Jose L. Quiñones-Borrero
 

More from Jose L. Quiñones-Borrero (15)

Hacking blockchain
Hacking blockchainHacking blockchain
Hacking blockchain
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?
 
Cryto Party at CCU
Cryto Party at CCUCryto Party at CCU
Cryto Party at CCU
 
Weaponization of IoT
Weaponization of IoTWeaponization of IoT
Weaponization of IoT
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and Countermeasures
 
Security B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneSecurity B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your Drone
 
CyberCrime attacks on Small Businesses
CyberCrime attacks on Small BusinessesCyberCrime attacks on Small Businesses
CyberCrime attacks on Small Businesses
 
Securing Your Business
Securing Your BusinessSecuring Your Business
Securing Your Business
 
InfoSec Gamification
InfoSec GamificationInfoSec Gamification
InfoSec Gamification
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
 
Pivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG PresentationPivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG Presentation
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
 
Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013
 
InfoSec professional advice to university students
InfoSec professional advice to university students InfoSec professional advice to university students
InfoSec professional advice to university students
 

Recently uploaded

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

BYOD presentation Init 6 + ISSA PR Chapter joint meeting

  • 1. Obsidis Consortia, Inc. BYOD:Bring Your Own Darkside José L. Quiñones-Borrero, BS MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA
  • 2. What is OC, Inc? • Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes security awareness in the community and supports professional development of security professionals, students and enthusiasts in Puerto Rico. • OC, Inc. has develop and is supporting initiatives like the Init6 Security User Group, Professional Training & Workshops, Network and Security Systems Simulation Scenarios (Capture the Flag), Security BSides Puerto Rico Conference and a Community Outreach Program.
  • 3. Why BYOD? • What's Mine Is Mine, What's Yours Is Mine, Too • Employees Happier, More Productive? • Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes
  • 4. Why NOT? • Little or no control over devices • Privacy issues about device’s content • No jurisdiction over devices
  • 5. What are these devices?
  • 6. Laptops • Live CD/USB – Live USB Creator – Unetbootin • Virtual Machines – VMware Player – VirtualBox • Full OS on Hardware – Kali/Backtrack – Pentoo – BackBox
  • 7. Smartphones and Tablets • Jailbreak iOS • Rooted Android • Ubuntu Touch (Phone)
  • 8. Others • Home Routers – Linksys WRT-54G – Alfa Network AP-121U – TP-Link WR703N • Custom Firmware – DD-RWT – OpenWrt w/Jasager – Totmato Router
  • 9. Let focus on iOS …
  • 10. Apple iOS AppStore Goodness • iNet • TIOD • IPScanner • zScan Pro • Whois • TCPinger • Net Utility • VNC viewer • RDP client • aSubnet • Python 2.7
  • 11. Cydia
  • 12. Jailbroken iOS • Tools – nmap, tcpdump, ettercap, aircrack- ng*, dns2tcp, netcat • Development – Python, Ruby, Perl, SQLite • OS – wget, curl, grep, sed, awk, inetutils, whois, locate • Deamons – dns, http, dhcp, ftp, vnc
  • 13. Installing Metasploit on iOS 1. Jailbrake your iOS devices 2. Install BigBoss Recomended Tools 3. ruby_1.9.2-p180-1-1_iphoneos-arm.deb 4. iconv_1.14-1_iphoneos-arm.deb 5. zlib_1.2.3-1_iphoneos-arm.deb 6. metasploitframework4.5.tgz
  • 15. PwnPad ($895.00) •Wireless ToolsAircrack-ng •Kismet •Wifite •Reaver •MDK3 •EAPeak •Asleap •FreeRADIUS-WPE •Hostapd Bluetooth Tools: •bluez-utils •btscanner •bluelog •Ubertooth tools •Web ToolsNikto •Wa3f •Network ToolsNET-SNMP •Nmap •Netcat •Hping3 •Macchanger •Tcpdump •Tshark •Ngrep •Dsniff •Ettercap-ng •SSLstrip •Hamster & Ferret •Metasploit 4 •SET •Easy-Creds •John (JTR) •Hydra •Pyrit •Scapy
  • 16. Can we be more creative?
  • 17. Red Teaming BYOD • Raspberry Pi ($35) – 700 Mhz A7, 512MB, HD, 2 USB 2.0, Ethernet – Huge development community – Debian and Red Hat based distros • CubieBoard ($80) – 1 Ghz A10, 1 GB, HD, 2 USB 2.0, Ethernet – Some community support – Ubuntu and Android • Odroid ($90) – 1.7 Quad A9, 2GB, HD, 2USB 2.0, Ethernet – No community yet(new platform) – Ubuntu and Android
  • 18. Demo
  • 20. Please visit us to keep in touch … www.ObsidisConsortia.org www.BSidesPR.org https://www.youtube.com/channel/UCtpOw0dKOIVJu7JZqHx4oQg https://plus.google.com/u/0/communities/102771209982001396923 https://facebook.com/obsidisconsortia https://twitter.com/BSidesPR Affiliates: www.TalktoanIT.com www.codefidelio.org www.darkoperator.com